# Release Notes {% hint style="info" %} **PMK 5.12.2 patch is available now** [Release Notes for PMK 5.12.2](https://platform9.com/docs/5.12/kubernetes/release-notes#pmk-5122-patch-released-2025-07-28) {% endhint %} ## PMK 5.12.0 Release Summary (Released 2025-03-22) The Platform9 Managed Kubernetes (PMK) version 5.12 release is now generally available with active support for Kubernetes **v1.31**. This release brings new features, enhancements and critical bug fixes to improve overall user experience and stability. {% hint style="danger" %} **Kubernetes 1.29 Deprecated** Kubernetes v1.28 and lower versions are marked as End of Life on PMK 5.12 New clusters are to be created on Kubernetes v1.30 or above. All clusters must be upgraded to at least Kubernetes v1.29 before upgrading from PMK 5.11.x to PMK 5.12 {% endhint %} {% hint style="warning" %} **Kubernetes 1.29 Deprecated** * Kubernetes v1.29 is marked as deprecated. * New clusters should be created on Kubernetes v1.30 or above. {% endhint %} ## Release Highlights #### New Features `Added`Added active support for Kubernetes 1.31. `Added`Added support for RHEL 8.10: [auto$](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/support-matrix/README.md). #### Feature Updates `Added` UI performance improvements when loading a large number of Kubernetes objects like namespaces, pods, deployments, services etc. with improved caching strategy in rendering. `Added` Updated libraries/ module dependencies to fix CVEs `Added` Added ability to modify the verbosity level for kube-api server. #### Deprecations, Feature Removal and EOL information * Following Operating Systems are no longer supported with PMK 5.12 and above. Check the PMK 5.12 support here: [auto$](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/support-matrix/README.md) * RHEL 8.6 * RHEL 8.7 * Rocky 9.2 * Centos 7.9 #### Platform9 CLI The *pf9ctl* release 1.30 is now available ([release notes for pf9ctl v1.30](https://github.com/platform9/pf9ctl/releases/tag/1.30)) and can be installed by running the following command {% tabs %} {% tab title="Bash" %} ```bash bash <(curl -sL https://pmkft-assets.s3-us-west-1.amazonaws.com/pf9ctl_setup) ``` {% endtab %} {% endtabs %} ### Bug Fixes `Fixed` Fixed the issue causing MetalLB addon in BGP mode to report unhealthy state due to the bug [Community validation webhook denies all updates](https://github.com/metallb/metallb/issues/2597) in upstream MetalLB v0.14.2. Upgraded MetalLB addon to [v0.14.9](https://metallb.universe.tf/release-notes/#version-0-14-9) to solve the issue. `Fixed` Fixed an issue causing host onboarding to fail for new hosts on DU having dynamic kubelet configuration DKC. `Fixed` Fixed the issues that caused add-on operator to remove the custom cert manager objects on disabling Luigi and custom prometheus objects on disabling the pf9-monitoring add-on. `Fixed` Fixed an issue due to which existing default apiserver flags could not be modified (e.g. `service-account-issuer`). #### Platform9 CLI The *pf9ctl* release 1.31 is now available ([release notes for pf9ctl v1.31](https://github.com/platform9/pf9ctl/releases/tag/1.31)) and can be installed by running the following command {% tabs %} {% tab title="Bash" %} ```bash bash <(curl -sL https://pmkft-assets.s3-us-west-1.amazonaws.com/pf9ctl_setup) ``` {% endtab %} {% endtabs %} ### Known Issues `Known Issue` All existing and new AWS clusters in PMK must be configured with an is\_update flag and restricted security group rules. Without this cluster updates(such as AMI updated) and upgrades may fail. Please reach out to Platform9 support for this configuration. `Known Issue` During upgrade of a PMK cluster, uninstallation of pf9-kube package may be incomplete/ stuck, if there are any workloads whose associated containers cannot be cleanly stopped and removed. Contact platform9 support if this is observed. `Known Issue` On Rocky Linux 9 (tested on 9.2 and 9.4), platform9's pf9-kube package installs `iptables-services` as a dependency. With recent updates to the upstream repositories, installation will fail due to a missing dependency on `iptables-legacy-*` packages. `Known Issue` (On Rocky Linux 9) Users will need to install the legacy packages by running `dnf install iptables` or `dnf install iptables-utils` on workload cluster nodes. Since this is a recent upstream change, a solution will be provided in upcoming releases by packaging the required packages along with `pf9-kube` package. `Known Issue` AWS clusters using flannel CNI need to be updated to use port 2379 instead of 4001 from1.22 version onwards. Workaround is to go to the "Edit cluster" option on the UI and clicked on "Update cluster" without making any changes. This adds the 2379 ingress rule to the master ELB. `Known Issue` When a detach operation is performed on a master node in a multi master cluster, it takes approximately 30 minutes to complete all the detach operations and perform cleanup on the node. Therefore, if you want to reattach this node to any other cluster, you need to wait for the nodelet to stop all the phases and perform cleanup before attempting to reattach the node. `Known Issue` In some scenarios, after a node is removed from the qbert clusters, nodelet fails to cleanup the data. Workaround is to check and remove the /var/opt/pf9/kube directory if present, even after the node is deauthorized. `Known Issue` Cluster upgrade attempt is blocked on UI post a cluster upgrade failure due to nodes being in a converging/not converged state. `Known Issue` Kubelet authorization mode is marked set to AlwaysAllow instead of Webhook. `Known Issue` PMK Cloud provider created directly in Sunpike cannot be used to create qbert clusters. Qbert cloud providers will work to create both qbert and sunpike clusters. But cloud providers created directly in sunpike CANNOT be used to create qbert clusters. Please use the appropriate one based on your needs. `Known Issue` In PMK versions 5.12.0 and 5.12.1, vouch does not create new tokens and roles during redeployment if existing vouch data is present in Consul. The system incorrectly skips token and role creation, leading to deployment and node onboarding failures. `Known Issue`: AWS cluster creation fails with worker nodes stuck at the nodelet phase `Apply and validate node taints` (fixed in PMK 5.12.1) ### Package Updates #### PMK 5.12 Latest Kubernetes Components List | Component | Kubernetes 1.31 | Kubernetes 1.30 | Kubernetes 1.29 | | ------------------------------------ | ----------------- | ------------------ | ------------------ | | KUBERNETES BUILD VERSION | 1.31.5-pmk.**81** | 1.30.4-pmk.**139** | 1.29.2-pmk.**245** | | CONTAINERD | 1.7.13 | 1.7.13 | 1.7.13 | | RUNC | 1.1.12 | 1.1.12 | 1.1.12 | | CORE-DNS | 1.11.1 | 1.11.1 | 1.11.1 | | METRICS SERVER | 0.6.4 | 0.6.4 | 0.6.4 | | METAL LB | 0.14.**9** | 0.14.**9** | 0.14.**9** | | KUBERNETES DASHBOARD | 2.7.0 | 2.7.0 | 2.7.0 | | CLUSTER AUTO-SCALER AWS | 1.28.0 | 1.28.0 | 1.28.0 | | FLANNEL | 0.24.2 | 0.24.2 | 0.24.2 | | CALICO | 3.27.2 | 3.27.2 | 3.27.2 | | ETCD | 3.5.12 | 3.5.12 | 3.5.12 | | CNI PLUGINS | 1.4.0 | 1.4.0 | 1.4.0 | | KUBEVIRT | 1.0.0 | 1.0.0 | 1.0.0 | | KUBEVIRT CDI | 1.57.0 | 1.57.0 | 1.57.0 | | ADVANCED NETWORKING OPERATOR (LUIGI) | 0.5.8 | 0.5.8 | 0.5.8 | | MONITORING - PROMETHEUS OPERATOR | 0.68.1 | 0.68.1 | 0.68.1 | | PROFILE AGENT | 2.0.2 | 2.0.2 | 2.0.2 | | METAL3 | 1.1.1 | 1.1.1 | 1.1.1 | ## PMK 5.12.1 Patch (Released 2025-05-01) `Added` Added support for **Ubuntu 24.04 LTS** (Refer [Managed Kubernetes Support Matrix](https://platform9.com/docs/5.11/kubernetes/support-matrix)) `Added` Updated libraries/ module dependencies to fix CVEs ### Bug Fixes `Fixed` Fix for CVE in nginx-ingress-controller PMK-6652: CVE-2025-1974: ingress-nginx admission controller RCE, CVS Score 9.8 `Fixed` Fixed: AWS cluster creation failed (in PMK 5.12.0) with worker nodes stuck at the nodelet phase `Apply and validate node taints` `Fixed` Fixed a regression that affected Grafana monitoring managed addon (installed from Platform9 UI managed the addon operator) due to the earlier fix for CVE-2025-1974: ingress-nginx admission controller applied to the management plane. Grafana UI now loads properly and is not redirected to another page. #### Platform9 CLI The *pf9ctl* [release 1.32](https://github.com/platform9/pf9ctl/releases/tag/v1.32) is now available with support for Ubuntu 24 and can be installed by running the following command. {% tabs %} {% tab title="Bash" %} ```bash bash <(curl -sL https://pmkft-assets.s3-us-west-1.amazonaws.com/pf9ctl_setup) ``` {% endtab %} {% endtabs %} ### Known Issues **Same as PMK 5.12.0** (see above [known issues in PMK 5.12.0](https://platform9.com/docs/5.12/kubernetes/release-notes#known-issues)) ### PMK 5.12.1 Latest Kubernetes Components List | Component | Kubernetes 1.31 | Kubernetes 1.30 | Kubernetes 1.29 | | ------------------------------------ | ----------------- | ------------------ | ------------------ | | KUBERNETES BUILD VERSION | 1.31.5-pmk.**96** | 1.30.4-pmk.**157** | 1.29.2-pmk.**266** | | CONTAINERD | 1.7.13 | 1.7.13 | 1.7.13 | | RUNC | 1.1.12 | 1.1.12 | 1.1.12 | | CORE-DNS | 1.11.1 | 1.11.1 | 1.11.1 | | METRICS SERVER | 0.6.4 | 0.6.4 | 0.6.4 | | METAL LB | 0.14.**9** | 0.14.**9** | 0.14.**9** | | KUBERNETES DASHBOARD | 2.7.0 | 2.7.0 | 2.7.0 | | CLUSTER AUTO-SCALER AWS | 1.28.0 | 1.28.0 | 1.28.0 | | FLANNEL | 0.24.2 | 0.24.2 | 0.24.2 | | CALICO | 3.27.2 | 3.27.2 | 3.27.2 | | ETCD | 3.5.12 | 3.5.12 | 3.5.12 | | CNI PLUGINS | 1.4.0 | 1.4.0 | 1.4.0 | | KUBEVIRT | 1.0.0 | 1.0.0 | 1.0.0 | | KUBEVIRT CDI | 1.57.0 | 1.57.0 | 1.57.0 | | ADVANCED NETWORKING OPERATOR (LUIGI) | 0.5.8 | 0.5.8 | 0.5.8 | | MONITORING - PROMETHEUS OPERATOR | 0.68.1 | 0.68.1 | 0.68.1 | | PROFILE AGENT | 2.0.2 | 2.0.2 | 2.0.2 | | METAL3 | 1.1.1 | 1.1.1 | 1.1.1 | ## PMK 5.12.2 Patch (Released 2025-07-28) ### Bug Fixes `Fixed` In PMK versions 5.12.0 and 5.12.1, vouch failed to create new tokens and roles during redeployment when existing vouch data was present in Consul. The system incorrectly skipped creating new entries if previous entries existed, which caused deployment and node onboarding failures.